tcpdump mailing list archives
Re: capturing 802.11 frames with udp protocol..
From: "Justin Robinson" <csmjmr () bath ac uk>
Date: Thu, 17 Jul 2003 00:18:41 +0100
Can pcap_datalink() tell me if I'm using PPPoA, as opposed to ethernet and 802.11? I'm using an ADSL modem that uses PPPoA, and it would be excellent if pcap_datalink() could say if this interface is available. ----- Original Message ----- From: "Guy Harris" <guy () alum mit edu> To: "M. Onur ERGiN" <monurergin () yahoo com> Cc: <tcpdump-workers () tcpdump org> Sent: Wednesday, July 16, 2003 7:34 PM Subject: Re: [tcpdump-workers] capturing 802.11 frames with udp protocol..
On Wednesday, July 16, 2003, at 7:53 AM, M. Onur ERGiN wrote:I do the following: /*********************************** int size_MAC; //size of the mac layer header (802.11 or ethernet) if(strcmp(dev,"eth1")==0) size_MAC = sizeof(struct ieee_802_11_header)+2; else size_MAC = sizeof(struct ether_header);Don't do that. Instead, determine the link-layer header of packets supplied on an interface by asking libpcap what it is, by calling "pcap_datalink()". If it's DLT_EN10MB, it's an Ethernet header (yes, even if you're sniffing on an 802.11 device; see Alex Medvedev's reply to your message); if it's DLT_IEEE802_11, it's an 802.11 header (which, by the way, is not always the same length!); if it's something other than either of those, it's neither an Ethernet header nor an 802.11 header.first, I cast the complete packet to a 802.11 header. then I cast the rest to an ip header and the rest to a udp header. but when I try to get the very last one (which is supposed to be the payload) I see nothing on the screen using printf("%s...);If the payload isn't text, printf("%s..."); isn't going to print it correctly - especially if the first byte of payload is zero, in which case printf("%s..."); isn't going to print *anything*. If the payload *is* text, it's still not going to work correctly unless the captured packet data has a zero byte at the end of the text, which it won't necessarily have (it won't have it for HTTP, for example), unless you've put it there. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- capturing 802.11 frames with udp protocol.. M. Onur ERGiN (Jul 16)
- Re: capturing 802.11 frames with udp protocol.. alex medvedev (Jul 16)
- Re: capturing 802.11 frames with udp protocol.. Guy Harris (Jul 16)
- Re: capturing 802.11 frames with udp protocol.. Justin Robinson (Jul 16)
- Re: capturing 802.11 frames with udp protocol.. Guy Harris (Jul 16)
- Re: capturing 802.11 frames with udp protocol.. M. Onur ERGiN (Jul 17)
- Re: capturing 802.11 frames with udp protocol.. Justin Robinson (Jul 16)
- Re: capturing 802.11 frames with udp protocol.. Peter Moody (Jul 16)